[Silicon Defense logo]

SnortSnarf alert page

Source: 66.196.73.77

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

14 such alerts found using input module SnortFileInput, with sources:
Earliest: 19:59:13.158127 on 05/11/2003
Latest: 14:33:50.113905 on 06/08/2003

1 different signatures are present for 66.196.73.77 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

66.196.73.77 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-19:59:13.158127 66.196.73.77:23285 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:37213 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1AEC08A7 Ack: 0x97CBE703 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-08:50:58.953765 66.196.73.77:27400 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:25603 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8CE361BE Ack: 0x3B21663A Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/14-09:16:30.168082 66.196.73.77:38913 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3251 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD9EFBF14 Ack: 0xDB0BBC5D Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-03:44:47.338364 66.196.73.77:17109 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:17335 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE5451FC0 Ack: 0x48D7C1BF Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-16:41:16.303885 66.196.73.77:41697 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:8059 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x868F4120 Ack: 0xBCA12416 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-18:25:32.652758 66.196.73.77:2230 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:38229 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x13619246 Ack: 0x4729098B Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-19:39:05.620613 66.196.73.77:1519 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:60017 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2D6B474C Ack: 0x5E0273B3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/17-21:37:16.347329 66.196.73.77:40125 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:7043 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF6F19996 Ack: 0x1B4735A4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-04:34:55.932684 66.196.73.77:23965 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:50563 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB4A7AA15 Ack: 0x84CFEEE8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/19-19:40:32.342656 66.196.73.77:37478 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:55189 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x62F72CEA Ack: 0xE1E95A92 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-09:38:35.437883 66.196.73.77:41597 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:42467 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x34DDC5EA Ack: 0x3D2D97FD Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-22:14:57.281514 66.196.73.77:26438 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:57625 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF9C6CF4E Ack: 0xE5721693 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/07-23:36:08.492589 66.196.73.77:3215 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:13415 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC03D7255 Ack: 0x17E488BB Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-14:33:50.113905 66.196.73.77:30071 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:1953 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBB1EFFCE Ack: 0x5784922D Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003